libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)

commit 6dea1cf68e7b12d6348e37cbe27469c7f6b2ce8e
parent b00a58cfa72085c5e9353aa3b5ecfeba43984fce
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
Date:   Fri,  3 Jun 2022 16:01:30 +0300

gen_auth: detect invalid Digest parameters without value at the end of the string

Diffstat:
Msrc/microhttpd/gen_auth.c | 11++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/microhttpd/gen_auth.c b/src/microhttpd/gen_auth.c
@@ -176,17 +176,22 @@ parse_dauth_params (const char *str,
 for (p = 0; p < sizeof(map) / sizeof(map[0]); p++)
 {
 struct dauth_token_param *const aparam = map + p;
- if ( (aparam->tk_name->len < left) &&
+ if ( (aparam->tk_name->len <= left) &&
 MHD_str_equal_caseless_bin_n_ (str + i, aparam->tk_name->str,
 aparam->tk_name->len) &&
- (('=' == str[i + aparam->tk_name->len]) ||
+ ((aparam->tk_name->len == left) ||
+ ('=' == str[i + aparam->tk_name->len]) ||
 (' ' == str[i + aparam->tk_name->len]) ||
- ('\t' == str[i + aparam->tk_name->len])) )
+ ('\t' == str[i + aparam->tk_name->len]) ||
+ (',' == str[i + aparam->tk_name->len])) )
 {
 size_t value_start;
 size_t value_len;
 bool quoted; /* Only mark as "quoted" if backslash-escape used */
 
+ if (aparam->tk_name->len == left)
+ return false; /* No equal sign after parameter name, broken data */
+
 quoted = false;
 i += aparam->tk_name->len;
 /* Skip all whitespaces before '=' */
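Review bot: The new `(aparam->tk_name->len == left)` alternative in the `if` condition also serves as the bounds guard for the `str[i + aparam->tk_name->len]` reads listed after it, now that the first test is `<=` instead of `<`, but nothing in the code says that its position matters. Assuming `left` is the number of bytes remaining from `i` (it is set outside the hunk), a comment above that alternative such as `/* Must stay first: when the name ends the string, str[i + len] is outside the parsed data */` would keep a later reordering from turning this into a one-byte over-read on request header data. The same comparison is repeated inside the block only to `return false`, so a short comment there tying the two together, or a single early check ahead of the delimiter tests, would make the rejection easier to follow. The added `','` delimiter appears to rely on the `'='` handling further down, outside this hunk, to reject a name followed directly by a comma; regression tests for a bare trailing name and for `name,` would pin both paths. parse_dauth_params starts and ends outside the hunk.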